Advice On Large 10.9.x Laptop Deployment - App Store Apps

rcorbin
Contributor II

We are about to do a very large deployment of laptops. (900 MacBook Pros) This will be our first big deployment of 10.9.x machines. We have a few individual 10.9 machines out there, but the majority of our install base is currently 10.8.x. We have done lots of large deployments of this size in the past so that part isn’t new to us. It’s just the first time with 10.9.x and Casper 9.2x.

The only 10.9 quirk I’ve heard about is the AD one, but these users will all be in OD.

Are there others I need to be aware of ?

A couple of things I’m thinking about in preparation for this….

  1. These machines already have OS X, iLife, and iWork on the factory install. In the past we have usually just Netbooted our machines, then erased, and installed an OS package and all the apps. In this deployment I’m thinking about the possibility of doing more of a thin image process. Just create an admin account, recon the machine and put it in a group that will trigger a policy to install all of the other apps and profiles that it will need etc. I’m not sure if this will actually provide any time savings. But I’m also wondering if this will provide smoother updates to these pre-installed app store apps. Can they auto-update if I go that route ? Anyone else using more of a thin imaging process for large deployments ? To me it almost sounds like the setup/creation of the admin account on every machine might be time consuming.

  2. If I do go our regular route and erase and install everything from scratch I’m wondering about the best way to install the app store apps. We have packaged them in the past so we know we can do that but since all of them are getting these do I just bake it into the OS image for this project ? Maybe I just make a new OS image from one of these machines with everything baked in ? Wondering again if that would allow smoother updates to these pre-installed app store apps.

  3. I’m wondering if it’s now possible to have apps like iLife and iWork install automatically from the app store ? VPP ? MDM token ? I’m still at Casper 9.25 but I think some features like that are in Casper 9.3 for iOS. ?? We have caching servers at every site.

  4. Our users don’t have admin access and in the past they haven’t had access to the app store. Another option would be to find a way to give them access so that they could install some of these apps themselves. (add the user to the _appstore group ?)

Lots of things to think about.....

3 REPLIES

bentoms
Release Candidate Programs Tester

freddie_cox
Contributor III

In regards to the app store, since you are using a directory service you can create a group to allow AppStore access w/o opening it up for all using the group you mentioned.

sudo /usr/sbin/dseditgroup -o edit -n /Local/Default -a 'ADTeachers' -t group _appstore

rcorbin
Contributor II

I've started a separate discussion about this as well : https://jamfnation.jamfsoftware.com/discussion.html?id=10344

I came across this by accident this morning and I'm a bit confused. Did I miss a thread somewhere ? (I've looked around and I don't see anything talking about this.)

Using a test non admin local account on a 10.9.2 machine I was able to install an app from the Mac app store on that machine. I can pick any legit Apple ID to do so. I thought the user needed to be in the _appstore group for this to happen ? Or at least an admin account. Is this something new in 10.9 that I've missed ? I thought the user would need to have write access to the Applications folder. Went back to a 10.8.5 machine and sure enough it doesn't work. It asks for an admin password. So this behavior seems to be a 10.9 thing.

For a one to one deployment I can see this as an ok thing. In some ways it could be a bonus. I was looking for ways to do this using the _appstore group. But for labs this could be a bit of a disaster. That would mean that any student with an Apple ID could install apps from the Mac App store on those machines. Do I have this right ? I've tested this on a couple of different machines.
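
An added example, not part of the thread and not Casper's own tooling: one way to check lab machines for the situation described in the last post is to list the App Store apps present and flag any that are not on an approved list. It assumes that App Store installs carry a receipt at Contents/_MASReceipt/receipt inside the app bundle; the function names and the allowlist file format are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): list Mac App Store apps in an
# Applications folder and flag any that are not on an approved list.
# Assumption: App Store installs carry Contents/_MASReceipt/receipt.

# Print the bundle name (e.g. "Keynote.app") of every App Store app in $1.
list_mas_apps() {
    apps_dir=$1
    for receipt in "$apps_dir"/*.app/Contents/_MASReceipt/receipt; do
        [ -f "$receipt" ] || continue    # glob matched nothing, or not a file
        bundle=${receipt%/Contents/_MASReceipt/receipt}
        printf '%s\n' "${bundle##*/}"
    done
}

# Print App Store apps in $1 that are absent from the allowlist file $2
# (hypothetical format: one bundle name per line, "#" lines are comments).
unapproved_mas_apps() {
    apps_dir=$1
    allowlist=$2
    list_mas_apps "$apps_dir" | while IFS= read -r app; do
        # -F fixed string, -x whole-line match, so "Keynote.app" does not
        # approve "Keynote.app Helper.app" or similar.
        if ! grep -v '^[[:space:]]*#' "$allowlist" | grep -Fxq -- "$app"; then
            printf '%s\n' "$app"
        fi
    done
}

# Usage when run directly: script.sh /Applications /path/to/allowlist.txt
if [ "$#" -eq 2 ]; then
    unapproved_mas_apps "$1" "$2"
fi
```

Any output is an App Store app that was not on the approved list for that machine.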